In my previous post I showed you how to get an Amazon EC2 instance to report into AWS Systems Manager. In this blog post I’ll go through how you can get an on-premises instance, be it physical or virtual, to report into AWS Systems Manager as well.

Create the IAM Role to enable access for Hybrid Environments

Create a text file named ‘SSMService-Trust.json’ with the following trust policy. Save the file with the ‘.json’ file extension.

Use the create-role command to create the service role.

Use attach-role-policy as follows to enable the SSMServiceRole to create a session token. The session token gives your managed instance permission to run commands using Systems Manager.

On a machine where you have installed AWS Tools for Windows PowerShell, run the following command in AWS Tools for Windows PowerShell.

Press Enter.

If the activation is successful, the system returns an Activation Code and an Activation ID, as shown in the screenshot below.

Store the Activation Code and Activation ID in a safe place.
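The role and activation steps above, sketched with the AWS CLI as an added example (not the original post's commands, and using `aws ssm create-activation` in place of the PowerShell cmdlet). The account ID, Region, instance name and the `AmazonSSMManagedInstanceCore` managed policy are assumptions; the trust policy adds `aws:SourceAccount` and `aws:SourceArn` conditions so only Systems Manager acting for your own account can assume the role.

```shell
#!/bin/sh
# Added example (not from the original post). ACCOUNT_ID, REGION and the
# instance name are placeholders; the managed policy choice is an assumption.
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
REGION="${REGION:-us-east-1}"
ROLE_NAME="SSMServiceRole"
TRUST_FILE="SSMService-Trust.json"

# Write a trust policy that lets only the Systems Manager service assume the
# role, and only on behalf of this account and Region (confused-deputy guard).
write_trust_policy() {
  case "$ACCOUNT_ID" in
    *[!0-9]*|"") echo "ACCOUNT_ID must be numeric" >&2; return 1 ;;
  esac
  [ "${#ACCOUNT_ID}" -eq 12 ] || { echo "ACCOUNT_ID must be 12 digits" >&2; return 1; }
  cat > "$1" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ssm.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {
      "StringEquals": {"aws:SourceAccount": "${ACCOUNT_ID}"},
      "ArnEquals": {"aws:SourceArn": "arn:aws:ssm:${REGION}:${ACCOUNT_ID}:*"}
    }
  }]
}
EOF
}

create_role_and_activation() {
  write_trust_policy "$TRUST_FILE"
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "file://$TRUST_FILE"
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  # One registration per activation, so the code cannot enroll extra machines.
  # The output is a credential: send it to a secrets store, not a shared log.
  aws ssm create-activation --iam-role "$ROLE_NAME" \
    --default-instance-name "onprem-server" \
    --registration-limit 1 --region "$REGION" \
    --query '[ActivationId,ActivationCode]' --output text
}

# AWS calls are made only when the script is invoked with the argument "apply".
if [ "${1:-}" = "apply" ]; then
  set -eu
  create_role_and_activation
fi
```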

Install the SSM Agent on an On-Premises Linux Server

Log on to a server or VM in your hybrid environment.

Copy and paste the following command blocks into SSH. Replace the placeholder values with the Activation Code and Activation ID generated when you create a managed-instance activation, and with the identifier of the AWS Region you want to download the SSM Agent from. Note that sudo is not necessary if you are a root user.

Press Enter.

The command downloads and installs the SSM Agent onto the server or VM in your hybrid environment. The command stops the SSM Agent, and then registers the server or VM with the SSM service. The server or VM is now a managed instance.

Install the SSM Agent on an On-Premises Microsoft Windows Server

Log on to a server or VM in your hybrid environment.

Open Windows PowerShell.

Copy and paste the following command block into AWS Tools for Windows PowerShell. Replace the placeholder values with the Activation Code and Activation ID generated when you create a managed-instance activation, and with the identifier of the AWS Region you want to download the SSM Agent from.

Press Enter.

The command does the following:

Downloads and installs the SSM Agent onto the server or VM.

Registers the server or VM with the SSM service.

Returns a response to the request like the following:

Review within AWS Systems Manager

Log in to the AWS Management Console

Navigate to Systems Manager

Click Managed Instances

If the on-premises instance has registered successfully, you should see it listed similar to the example below: